Prev: bgp anycast addressing
Next: IP CLASSLESS not working
From: Fletcher James on 5 May 2008 10:21
You said:

> The suggestion by other responders to approach Verizon to see if they
> will provide a /30 or /31 for the FIOS link would definitely be
> worthwhile pursuing.
>

One month ago: After 30 minutes on hold & several intermediary stops, the
very 1st tech I spoke with said, "Oh, yeah we just need to get you another
IP address." He then transferred me to the business office and jumped off
the line. The business office said sure, the would be able to ... expand my
block to 128 or 256 (leaving me with the same problem) but had NO policy
under which they could sell a discontiguous IP address! I then spent
another 45 minutes going in circles, until I found another tech who said
"Oh, yeah we just need to get you another IP address. Let me transfer you
to the Business Office..."

You also said:
> Option D would probably work but it is definitely a cludge.
>

I hope that's true -- it would seem to be our only serious alternative to
double NATing. I agree it's unusual -- do you know whether there's some
specific downside, from the standpoint of performance or reliability? Do
you think we will need arp proxy to make this work (which our current config
does)?

"Merv" <merv.hrabi(a)rogers.com> wrote in message
news:71f3f8f2-d2b4-44f3-a19a-53290671f813(a)26g2000hsk.googlegroups.com...
>
> 1. It appears that the router in question is using a Fast Ethernet
> interface facing the FIOS ONT.
> If this is in fact the case then an ip unnumbered command will be
> rejected on a multi-access interface.
> ip unnumbered can only be used on point-to-point serial interfaces.
>
>
> 2. The following static routing construct is viable:
> ip classless
> ip route 0.0.0.0 0.0.0.0 70.x.x.1
> ip route 70.x.x.1 255.255.255.255 FastEthernet0/1
>
>
> Option D would probably work but it is definitely a cludge.
>
> The suggestion by other responders to approach Verizon to see if they
> will provide a /30 or /31 for the FIOS link would definitely be
> worthwhile pursuing.
>
> However be forewarned that if Verizon has not planned for this
> "feature", it will impact their service provisioning systems and they
> will less inclined to provide what you are looking for - i.e a /30 for
> the FIOS link.
>
>
>
>
>

From: Merv on 5 May 2008 11:24

> You also said:
>
> > Option D would probably work but it is definitely a cludge.
>
> I hope that's true -- it would seem to be our only serious alternative to
> double NATing. I agree it's unusual -- do you know whether there's some
> specific downside, from the standpoint of performance or reliability? Do
> you think we will need arp proxy to make this work (which our current config
> does)?


if you configured say 70.x.x.2 on the "inside" FE router interface and
made that the default gateway for all the devices, then proxy ARP
could be disabled on the inside interface

Proxy ARP would need to be enabled on the outside interface to answer
ARP request for 70.x.x.y coming from the Verizon router @ 70.x.x.1

You could try the following to see if it works for you from both a
connectivity and a performance perspective, save your current config
before doing so.


int fa 0/0
description inside LAN interface
ip addr 70.x.x.2 255.255.255.192 ! default gateway for devices on
LAN

int fa 0/1
description outside interface facing Verizon FIOS ONT
ip addr <any IP address / some mask>
ip proxy-arp ! in order to be able to answer ARP requests from
70.x.x.1

ip classless
ip route 0.0.0.0 0.0.0.0 70.x.x.1
ip route 70.x.x.1 255.255.255.255 FastEthernet0/1




From: Trendkill on 5 May 2008 11:47
On May 5, 11:24 am, Merv <merv.hr...(a)rogers.com> wrote:
> > You also said:
>
> > > Option D would probably work but it is definitely a cludge.
>
> > I hope that's true -- it would seem to be our only serious alternative to
> > double NATing. I agree it's unusual -- do you know whether there's some
> > specific downside, from the standpoint of performance or reliability? Do
> > you think we will need arp proxy to make this work (which our current config
> > does)?
>
> if you configured say 70.x.x.2 on the "inside" FE router interface and
> made that the default gateway for all the devices, then proxy ARP
> could be disabled on the inside interface
>
> Proxy ARP would need to be enabled on the outside interface to answer
> ARP request for 70.x.x.y coming from the Verizon router @ 70.x.x.1
>
> You could try the following to see if it works for you from both a
> connectivity and a performance perspective, save your current config
> before doing so.
>
> int fa 0/0
> description inside LAN interface
> ip addr 70.x.x.2 255.255.255.192 ! default gateway for devices on
> LAN
>
> int fa 0/1
> description outside interface facing Verizon FIOS ONT
> ip addr <any IP address / some mask>
> ip proxy-arp ! in order to be able to answer ARP requests from
> 70.x.x.1
>
> ip classless
> ip route 0.0.0.0 0.0.0.0 70.x.x.1
> ip route 70.x.x.1 255.255.255.255 FastEthernet0/1

I think the issue is that his range is ..64/26, and he was told to
use .66 as his router w/ a 24 bit mask (so he can hit .1) and not to
use anything else. Therefore I'm not sure he can put a different
address on that external interface, and there is no easy way to subnet
without cutting out half of his assigned addresses. If he uses the
first set to assign a /30, then he can't get to Verizon's router, and
if he could, then he can't easily subnet whats left without vlan'ing
it into a /30, a /29, a /28, and a /27. What a pain, I'd be screaming
at verizon for a /30, even if its not public.
From: Trendkill on 5 May 2008 11:52
On May 5, 11:47 am, Trendkill <jpma...(a)gmail.com> wrote:
> On May 5, 11:24 am, Merv <merv.hr...(a)rogers.com> wrote:
>
>
>
> > > You also said:
>
> > > > Option D would probably work but it is definitely a cludge.
>
> > > I hope that's true -- it would seem to be our only serious alternative to
> > > double NATing. I agree it's unusual -- do you know whether there's some
> > > specific downside, from the standpoint of performance or reliability? Do
> > > you think we will need arp proxy to make this work (which our current config
> > > does)?
>
> > if you configured say 70.x.x.2 on the "inside" FE router interface and
> > made that the default gateway for all the devices, then proxy ARP
> > could be disabled on the inside interface
>
> > Proxy ARP would need to be enabled on the outside interface to answer
> > ARP request for 70.x.x.y coming from the Verizon router @ 70.x.x.1
>
> > You could try the following to see if it works for you from both a
> > connectivity and a performance perspective, save your current config
> > before doing so.
>
> > int fa 0/0
> > description inside LAN interface
> > ip addr 70.x.x.2 255.255.255.192 ! default gateway for devices on
> > LAN
>
> > int fa 0/1
> > description outside interface facing Verizon FIOS ONT
> > ip addr <any IP address / some mask>
> > ip proxy-arp ! in order to be able to answer ARP requests from
> > 70.x.x.1
>
> > ip classless
> > ip route 0.0.0.0 0.0.0.0 70.x.x.1
> > ip route 70.x.x.1 255.255.255.255 FastEthernet0/1
>
> I think the issue is that his range is ..64/26, and he was told to
> use .66 as his router w/ a 24 bit mask (so he can hit .1) and not to
> use anything else. Therefore I'm not sure he can put a different
> address on that external interface, and there is no easy way to subnet
> without cutting out half of his assigned addresses. If he uses the
> first set to assign a /30, then he can't get to Verizon's router, and
> if he could, then he can't easily subnet whats left without vlan'ing
> it into a /30, a /29, a /28, and a /27. What a pain, I'd be screaming
> at verizon for a /30, even if its not public.

I wonder if he could ask Verizon to put a secondary IP on the VLAN of
interface on their router, say .67. Assign a /31 point to point for
the router uplink, then have the router split up the /30, /29, /28, /
27 (presuming his switch is not a L3 switch), and trunk it to the
switch. He will lose some addressing for network/broadcast addresses,
but this could work. He would then be effectively giving Verizon one
of his own addresses. Would that work?
From: Merv on 5 May 2008 12:04

Oh I would definitely pick up the phone and call again ...

I wonder if this would work:

int fa 0/0
description inside LAN interface
ip addr 70.x.x.66 255.255.255.192 ! default gateway

int fa 0/1
description outside interface facing Verizon FIOS ONT
ip addr <any IP address / some mask>
ip proxy-arp ! to answer ARP requests from 70.x.x.1

ip classless
ip route 0.0.0.0 0.0.0.0 70.x.x.1
ip route 70.x.x.1 255.255.255.255 FastEthernet0/1

First  |  Prev  |  Next  |  Last
Pages: 1 2 3 4
Prev: bgp anycast addressing
Next: IP CLASSLESS not working